Saint Vulnerability Scanner updated to 6.7.14

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.7.14:

  • Oracle Critical Patch Update Advisory - July 2008. (CVE-2008-2587, CVE-2008-2614, etc.)
  • Mozilla Firefox Multiple Vulnerabilities fixed in 3.0.1 and 2.0.0.16. (CVE-2008-2933, CVE-2008-2934, CVE-2008-3198)
  • Sun Java Multiple Vulnerabilities. (CVE-2008-3103, CVE-2008-3104, etc.)
  • Opera Multiple Vulnerabilities fixed in 9.51. (CVE-2008-3078, CVE-2008-3079)
  • VideoLAN Client WAV File Handling Integer Overflow. (CVE-2008-2430)
  • Novell GroupWise WebAccess Simple Interface Cross-Site Scripting.
  • Linux Kernel Multiple Vulnerabilities fixed in 2.6.25.10. (CVE-2008-2812, CVE-2008-3077)
  • Wireshark vulnerability.
  • Red Hat Certificate System rhpki-common Security Bypass. (CVE-2008-1676)
  • SNMP to DMI mapper on Solaris vulnerability.
  • PHP-Fusion SQL injection vulnerability.
  • Mozilla Multiple Products CSS Objects Handling Code Execution. (CVE-2008-2785)
  • Novell eDirectory LDAP Service Search Parameters Heap Overflow Vulnerability. (CVE-2008-1809)
  • phpMyAdmin vulnerability fixed in 2.11.7.1. (CVE-2008-3197)
  • Vulnerabilities in Apache2. (CVE-2007-6420)
  • vBulletin vulnerability. (CVE-2008-3184)
  • Panda ActiveScan vulnerabilities. (CVE-2008-3155, CVE-2008-3156)
  • BlackBerry Attachment Service PDF Processing Remote Code Execution. (CVE-2008-3246)
  • Pidgin MSN SLP message Integer Overflow. (CVE-2008-2927)
  • Mambo/Joomla remote file inclusion vulnerability.
  • Apple Safari Domain Extensions Insecure Cookie Access and HTTPS to HTTPS Referer Information Disclosure. (CVE-2008-3170, CVE-2008-3171)
  • MyBB vulnerabilities fixed in 1.2.13. (CVE-2008-3069, CVE-2008-3070, etc.)
  • BEA WebLogic Server Apache Connector HTTP Version String Buffer Overflow. (CVE-2008-3257)
  • Firebird Multiple Denial of Service and Information Disclosure Vulnerabilities.
  • Simple DNS Plus Remote Denial of Service Vulnerability. (CVE-2008-3208)
  • Black Ice Software Document Imaging SDK ActiveX Buffer Overflow. (CVE-2008-3209)
  • IBM WebSphere Application Server Vulnerabilities fixed in 5.1.1.19. (CVE-2008-3235, CVE-2008-3236)

New exploits in this version:

  • Microsoft Works WkImgSrv.dll ActiveX exploit. (CVE-2008-1898)
  • Alt-N SecurityGateway username exploit.
  • SNMPc Network Manager SNMP TRAP exploit. (CVE-2008-2214)
  • Sun Java Web Start exploit. (CVE-2008-3111)
  • Linux support for HP OpenView Network Node Manager ovalarmsrv exploit.
  • BEA WebLogic Apache Connector POST exploit. (CVE-2008-3257)

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

